Privacy policy
Last updated: 06-05-2026
RB Atelier respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website, place an order, contact us, subscribe to marketing, or otherwise use our services.
This Privacy Policy applies to the website, online store, customer service, order processing, payments, shipping, returns, marketing, and related services of RB Atelier.
This Privacy Policy is written in accordance with the General Data Protection Regulation, also known in the Netherlands as the AVG, and other applicable Dutch and EU privacy laws.
1. Who We Are
RB Atelier
Rigastraat 77
3541 ED Utrecht
The Netherlands
Email: info@rbatelier.com
For the purposes of applicable privacy laws, RB Atelier is the data controller for the personal data we process through our webshop, customer service, order handling, marketing, and business administration.
Our store is powered by Shopify, which provides the e-commerce platform we use to operate our online store.
2. What Is Personal Data?
Personal data means any information that identifies you or can reasonably be linked to you. This includes information such as your name, email address, delivery address, order history, IP address, payment information, and online identifiers.
Personal data does not include information that has been fully anonymised and can no longer be linked to you.
3. Personal Data We Collect
Depending on how you interact with RB Atelier, we may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Contact details | Name, email address, phone number, billing address, delivery address |
| Order details | Products ordered, order number, order date, order value, returns, refunds, complaints |
| Payment details | Payment method, payment status, transaction reference, billing details |
| Account details | Login details, saved addresses, preferences, account settings |
| Communication data | Emails, customer service requests, return requests, complaints, feedback |
| Technical data | IP address, browser type, device type, operating system, time zone, language settings |
| Website usage data | Pages visited, products viewed, items added to cart, checkout behaviour |
| Marketing data | Newsletter subscription, marketing preferences, email engagement |
| Cookie data | Cookie identifiers, consent preferences, tracking and analytics data where permitted |
| Review or user content | Product reviews, comments, or other content you choose to submit |
We do not intentionally collect special categories of personal data, such as health data, religious beliefs, political opinions, biometric data, or criminal data.
4. How We Collect Personal Data
We collect personal data in the following ways:
-
Directly from you
For example, when you place an order, create an account, contact us, request a return, subscribe to our newsletter, or submit a review. -
Automatically through our website
For example, through cookies, pixels, server logs, analytics tools, and similar technologies. -
From service providers
For example, from Shopify, payment providers, shipping providers, email tools, analytics providers, advertising platforms, fraud-prevention services, and customer support tools. -
From third parties where legally permitted
For example, from payment verification providers, delivery partners, or marketing platforms when this is necessary and lawful.
5. Why We Use Your Personal Data
We only process your personal data when we have a valid legal basis under the AVG/GDPR. The GDPR requires organisations to have a lawful basis before processing personal data.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Processing and delivering your order | Contact details, order details, delivery address, payment confirmation | Performance of a contract |
| Processing payments | Billing details, payment status, transaction data | Performance of a contract; legal obligation |
| Sending order updates | Email address, order status, shipping details | Performance of a contract |
| Handling returns and refunds | Order details, payment confirmation, communication data | Performance of a contract; legal obligation |
| Customer service | Contact details, communication data, order history | Performance of a contract; legitimate interest |
| Managing customer accounts | Account details, saved addresses, preferences | Performance of a contract |
| Website functionality | Technical data, functional cookies, session data | Legitimate interest; performance of a contract |
| Fraud prevention and security | IP address, device data, transaction data, order behaviour | Legitimate interest |
| Legal and tax administration | Invoices, payment records, order records | Legal obligation |
| Sending newsletters | Email address, marketing preferences | Consent |
| Personalised advertising | Cookie data, website usage, product views, cart activity | Consent |
| Analytics and website improvement | Usage data, technical data, analytics cookies | Consent or legitimate interest, depending on the tool and configuration |
| Defending legal claims | Order records, communications, transaction data | Legitimate interest; legal obligation |
6. Orders, Payments, and Delivery
We use your personal data to process your order, accept payment, deliver your purchase, provide order updates, handle returns, and comply with legal administration duties.
To complete your order, we may share necessary information with:
- Shopify;
- Payment providers;
- Shipping and delivery providers;
- Fulfilment partners, if applicable;
- Customer support tools;
- Accounting or tax service providers.
RB Atelier does not store full credit card or debit card numbers. Payment information is handled by secure payment providers.
7. Shopify
Our webshop is hosted and supported by Shopify. Shopify provides the platform that allows us to display products, manage checkout, process orders, support payments, operate customer accounts, and run our online store.
Personal data submitted through our store may be processed by Shopify and its service providers. This may include your contact details, order details, payment-related information, technical data, and website usage information.
Shopify may process personal data:
- On our behalf as a service provider;
- As an independent controller for certain platform, security, analytics, fraud-prevention, or product-improvement purposes;
- In accordance with Shopify’s own privacy documentation.
Where Shopify processes personal data outside the European Economic Area, appropriate safeguards must be used, such as Standard Contractual Clauses or other lawful transfer mechanisms.
8. Service Providers and Third Parties
We may share personal data with trusted service providers where necessary to operate our business, provide our services, or comply with legal obligations.
These may include:
| Type of Provider | Purpose |
|---|---|
| Shopify | Webshop hosting, checkout, order management |
| Payment providers | Processing payments and preventing fraud |
| Shipping providers | Delivering orders and providing tracking |
| Email service providers | Sending order emails, customer service replies, newsletters |
| Analytics providers | Measuring website performance and improving the store |
| Advertising platforms | Showing ads, retargeting, campaign measurement |
| IT and hosting providers | Security, website functionality, infrastructure |
| Accounting and tax advisers | Bookkeeping, tax compliance, administration |
| Legal advisers or authorities | Legal compliance, dispute handling, legal claims |
We only share personal data where this is necessary, lawful, and proportionate.
Where service providers process personal data on our behalf, we require them to protect the data and use it only for the agreed purposes.
9. Marketing Emails
We may send marketing emails if you have subscribed to our newsletter, given consent, or where we are legally allowed to contact existing customers about similar products.
You can unsubscribe at any time by clicking the unsubscribe link in our emails or by contacting us at:
If you unsubscribe from marketing emails, we may still send you service-related emails, such as order confirmations, shipping updates, return updates, or important legal notices.
10. Cookies and Similar Technologies
Our website uses cookies and similar technologies.
Cookies are small files placed on your device that help the website function, remember preferences, analyse usage, or support marketing and advertising.
We may use the following types of cookies:
| Cookie Type | Purpose | Consent Required? |
|---|---|---|
| Functional cookies | To make the website, shopping cart, checkout, and account features work | No |
| Preference cookies | To remember choices such as language, region, or settings | Sometimes |
| Analytical cookies | To understand website traffic and improve performance | Sometimes, depending on configuration |
| Marketing/tracking cookies | To show personalised ads, retarget visitors, measure campaigns, or track users across websites | Yes |
In the Netherlands, functional cookies may generally be placed without consent, but tracking cookies and some analytical cookies require prior consent.
You can manage your cookie preferences through our cookie banner or through your browser settings.
You must be able to use our website normally even if you do not consent to tracking cookies, although some personalised features may not be available. The Dutch Data Protection Authority states that websites or apps must still be usable if a visitor refuses tracking cookies.
11. Personalised Advertising and Tracking
If you give consent, we may use cookies, pixels, and similar technologies to show personalised advertisements and measure advertising performance.
This may include data such as:
- Products you viewed;
- Items added to your cart;
- Pages visited;
- Purchase activity;
- Cookie identifiers;
- Device and browser information;
- Interaction with our advertisements.
Advertising partners may combine this data with information from other websites or platforms, depending on your consent settings and their own privacy policies.
You can withdraw your consent at any time through our cookie settings or browser settings.
12. Reviews and User Content
If you leave a product review or submit content to RB Atelier, we may publish the content you provide, such as your review text, rating, first name, or initials, depending on the review tool used.
Do not submit personal data in public reviews that you do not want to be visible to others.
We may remove reviews or content that are unlawful, abusive, misleading, spam, or unrelated to the product.
13. Legal and Tax Administration
We are required to keep certain records for legal, accounting, and tax purposes. This includes invoices, order records, payment records, and related correspondence.
In the Netherlands, business administration records are generally kept for 7 years for tax purposes.
Where we must keep data for legal or tax reasons, we may not be able to delete it immediately, even if you request deletion.
14. How Long We Keep Personal Data
We do not keep personal data longer than necessary for the purposes described in this Privacy Policy, unless we are legally required to keep it longer.
| Data Type | Retention Period |
|---|---|
| Order and invoice records | 7 years for Dutch tax administration |
| Payment and transaction records | 7 years where required for administration |
| Customer account data | Until the account is deleted or no longer needed, unless legal retention applies |
| Customer service emails | Up to 2 years after the issue is resolved, unless needed for legal claims |
| Return and complaint records | As long as necessary to handle the matter and legal warranty obligations |
| Newsletter subscription data | Until you unsubscribe or withdraw consent |
| Cookie consent records | As long as necessary to prove consent |
| Marketing and tracking data | According to cookie settings, consent status, and tool retention periods |
| Security logs | As long as reasonably necessary for fraud prevention and website security |
15. Security
We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration, and destruction.
These measures may include:
- Secure checkout;
- SSL/TLS encryption where applicable;
- Access controls;
- Limited access to customer data;
- Secure passwords and account protection;
- Use of trusted service providers;
- Monitoring for suspicious activity;
- Regular review of apps and third-party tools.
No system is completely secure. You are responsible for keeping your account login details confidential and for using secure communication channels when contacting us.
16. International Transfers
Some service providers, including Shopify and related technology providers, may process personal data outside the European Economic Area.
If personal data is transferred outside the EEA, we rely on appropriate safeguards, such as:
- An adequacy decision by the European Commission;
- Standard Contractual Clauses;
- Additional technical, contractual, or organisational safeguards where required.
17. Children’s Privacy
Our website and services are not intended for children under 16 years old.
We do not knowingly collect personal data from children under 16 without permission from a parent or legal guardian.
If you believe that a child has provided us with personal data, please contact us at:
We will delete the data where required by law.
18. Your Privacy Rights
Under the AVG/GDPR, you have rights over your personal data. The Dutch Data Protection Authority explains that individuals have several rights when organisations use their personal data.
You may have the following rights:
| Right | Meaning |
|---|---|
| Right of access | You can ask what personal data we process about you |
| Right to rectification | You can ask us to correct inaccurate or incomplete data |
| Right to erasure | You can ask us to delete your personal data |
| Right to restriction | You can ask us to temporarily limit how we use your data |
| Right to object | You can object to processing based on legitimate interest or direct marketing |
| Right to data portability | You can ask to receive certain data in a structured, commonly used format |
| Right to withdraw consent | You can withdraw consent where processing is based on consent |
| Right to complain | You can lodge a complaint with a supervisory authority |
These rights are not absolute. We may refuse or limit a request where permitted by law, for example if we must keep data for tax obligations, legal claims, fraud prevention, or order administration.
19. How to Exercise Your Rights
To exercise your privacy rights, contact us at:
Email: info@rbatelier.com
Address: Rigastraat 77, 3541 ED Utrecht, The Netherlands
Please clearly state which privacy right you want to exercise.
We may ask you to verify your identity before processing your request. This helps us prevent unauthorised access to your personal data.
We will respond to your request within the period required by the AVG/GDPR, normally within one month. If your request is complex or if you make multiple requests, this period may be extended where allowed by law.
20. Right to Object to Direct Marketing
You always have the right to object to direct marketing.
If you object to direct marketing, we will stop using your personal data for that purpose.
You can unsubscribe from marketing emails using the unsubscribe link in the email or by contacting:
21. Complaints
If you are unhappy with how we process your personal data, please contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with the Dutch data protection authority:
Autoriteit Persoonsgegevens
Website: autoriteitpersoonsgegevens.nl
The Autoriteit Persoonsgegevens is the Dutch supervisory authority for privacy and personal data protection.
22. Third-Party Websites and Links
Our website may contain links to third-party websites, apps, platforms, or social media pages.
We are not responsible for the privacy practices, security, content, or policies of third-party websites. Please read their privacy policies before providing personal data to them.
23. Changes to This Privacy Policy
We may update this Privacy Policy from time to time, for example because of changes to our website, Shopify settings, apps, cookies, service providers, business operations, or legal requirements.
The latest version will always be published on our website with the updated date.
If changes are significant, we will provide additional notice where required by law.
24. Contact
For questions about this Privacy Policy, your personal data, or your privacy rights, contact us at:
RB Atelier
Rigastraat 77
3541 ED Utrecht
The Netherlands
Email: info@rbatelier.com
For the purposes of applicable data protection law, RB Atelier is the controller of your personal data.
